diff --git a/2021/29xxx/CVE-2021-29400.json b/2021/29xxx/CVE-2021-29400.json index ddd0ed8927d..17fe7527cf8 100644 --- a/2021/29xxx/CVE-2021-29400.json +++ b/2021/29xxx/CVE-2021-29400.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29400", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29400", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://get-simple.info/extend/plugin/my-smtp-contact/1221/", + "refsource": "MISC", + "name": "http://get-simple.info/extend/plugin/my-smtp-contact/1221/" } ] } diff --git a/2021/38xxx/CVE-2021-38511.json b/2021/38xxx/CVE-2021-38511.json new file mode 100644 index 00000000000..762538d8524 --- /dev/null +++ b/2021/38xxx/CVE-2021-38511.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-38511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2021-0080.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2021-0080.html" + }, + { + "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tar/RUSTSEC-2021-0080.md", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tar/RUSTSEC-2021-0080.md" + } + ] + } +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38512.json b/2021/38xxx/CVE-2021-38512.json new file mode 100644 index 00000000000..bd671e20c89 --- /dev/null +++ b/2021/38xxx/CVE-2021-38512.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-38512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2021-0081.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2021-0081.html" + }, + { + "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-http/RUSTSEC-2021-0081.md", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-http/RUSTSEC-2021-0081.md" + } + ] + } +} \ No newline at end of file